IEC 61784-3:2021 pdf download – Industrial communication networks – Profiles – Part 3: Functional safety fieldbuses – General rules and profile definitions.
1 Scope

This part of the IEC 61784-3 series explains some common principles that can be used in the transmission of safety-relevant messages among participants within a distributed network which use fieldbus technology in accordance with the requirements of IEC 61508 (all parts) for functional safety. These principles are based on the black channel approach. They can be used in various industrial applications such as process control, manufacturing automation and machinery.

This part and the IEC 61784-3-x parts specify several functional safety communication profiles based on the communication profiles and protocol layers of the fieldbus technologies in IEC 61784-1, IEC 61784-2 and IEC 61158 (all parts). These functional safety communication profiles use the black channel approach, as defined in IEC 61508. These functional safety communication profiles are intended for implementation in safety devices exclusively.

NOTE 1 Other safety-related communication systems meeting the requirements of IEC 61508 (all parts) can exist that are not included in IEC 61784-3 (all parts).

NOTE 2 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.

All systems are exposed to unauthorized access at some point of their life cycle. Additional measures need to be considered in any safety-related application to protect fieldbus systems against unauthorized access. IEC 62443 (all parts) will address many of these issues; the relationship with IEC 62443 (all parts) is detailed in a dedicated subclause of this document.

NOTE 3 Implementation of a functional safety communication profile according to this document in a device is not sufficient to qualify it as a safety device, as defined in IEC 61508 (all parts).

NOTE 4 The resulting SIL claim of a system depends on the implementation of the selected functional safety communication profile within this system.
5.4 Deterministic remedial measures

5.4.1 General

Subclauses 5.4.2 to 5.4.9 list measures commonly used to detect deterministic errors and failures of a communication system, as contrasted to stochastic errors like message corruption due to electromagnetic interference.

5.4.2 Sequence number

A sequence number is integrated into messages exchanged between message source and message sink. It may be realised as an additional data field with a number that changes from one message to the next in a predetermined way.

5.4.3 Time stamp

In most cases, the content of a message is only valid at a particular point in time. The time stamp may be a time, or time and date, included in a message by the sender.

NOTE Relative time stamps and absolute time stamps can be used.

Time stamping requires the time base to be synchronized. For safety applications, synchronization shall be regularly monitored, and the probability of this mechanism failing shall be included in the assessment of the overall safety function.

5.4.4 Time expectation

During the transmission of a message, the message sink checks whether the delay between two consecutively received messages exceeds a predetermined value. In this case, an error has to be assumed.

EXAMPLE Time-slot-oriented access method:
– the exchange of messages takes place within fixed cycles and predetermined time slots for every participant;
– optionally, every participant sends his data within its time slot even if there is no value change (this is an example of cyclic communication);
– to identify a participant who did not transmit within its associated time slot, a source identification is added.
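
As an added example (not part of IEC 61784-3 and not taken from any of its profiles), the following C code shows a message sink that combines the sequence number of 5.4.2 with the time expectation of 5.4.4 and latches the first error it detects. All type and function names are hypothetical, the sequence number is assumed to increase by 1 modulo 2^16, and now_ms is assumed to come from a local monotonic millisecond counter.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names are hypothetical; no specific IEC 61784-3-x profile is modelled. */
typedef enum { SAFE_OK = 0, SAFE_ERR_SEQUENCE, SAFE_ERR_TIMEOUT } safe_status_t;

typedef struct {
    uint16_t      expected_seq; /* next sequence number the sink accepts */
    uint32_t      last_rx_ms;   /* local monotonic time of last accepted message */
    uint32_t      timeout_ms;   /* predetermined maximum delay between messages */
    safe_status_t latched;      /* first detected error; stays set until re-init */
} safe_sink_t;

void sink_init(safe_sink_t *s, uint16_t first_seq, uint32_t now_ms,
               uint32_t timeout_ms)
{
    s->expected_seq = first_seq;
    s->last_rx_ms   = now_ms;
    s->timeout_ms   = timeout_ms;
    s->latched      = SAFE_OK;
}

/* Time expectation (5.4.4): call cyclically so that a silent source is
 * detected even when no further message arrives. Unsigned subtraction keeps
 * the comparison correct across wrap-around of the millisecond counter. */
safe_status_t sink_poll(safe_sink_t *s, uint32_t now_ms)
{
    if (s->latched == SAFE_OK &&
        (uint32_t)(now_ms - s->last_rx_ms) > s->timeout_ms)
        s->latched = SAFE_ERR_TIMEOUT;
    return s->latched;
}

/* Sequence number (5.4.2): assumed here to increase by 1 modulo 2^16. A
 * repeated, skipped or out-of-order message does not match expected_seq. */
safe_status_t sink_on_message(safe_sink_t *s, uint16_t seq, uint32_t now_ms)
{
    if (sink_poll(s, now_ms) != SAFE_OK)
        return s->latched;              /* late message or earlier error */
    if (seq != s->expected_seq) {
        s->latched = SAFE_ERR_SEQUENCE;
        return s->latched;
    }
    s->expected_seq = (uint16_t)(seq + 1u);
    s->last_rx_ms   = now_ms;
    return SAFE_OK;
}
```

Any status other than SAFE_OK is where the application would drive its outputs to the safe state; the error stays latched until sink_init is called again.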
5.4.8 Redundancy with cross checking

In safety-related fieldbus applications, the safety data may be sent twice, within one or two separate messages, using identical or different integrity measures, independent from the underlying fieldbus.

NOTE Additional redundant functional safety communication models are described in Annex A.

In addition to this, the transmitted safety data is cross-checked for validity over the fieldbus or over a separate connection source/sink unit. If a difference is detected, an error shall have taken place during the transmission, in the processing unit of the source or the processing unit of the sink. When redundant media are used, then common mode protection should be considered using suitable measures (for example diversity, time skewed transmission).